1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <?xml-stylesheet type="text/xsl" href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"?>
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
7 This file is part of systemd.
9 Copyright 2010 Lennart Poettering
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 <refentry id="systemd.socket">
27 <title>systemd.socket</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>systemd.socket</refentrytitle>
42 <manvolnum>5</manvolnum>
46 <refname>systemd.socket</refname>
47 <refpurpose>systemd socket configuration files</refpurpose>
51 <para><filename>systemd.socket</filename></para>
55 <title>Description</title>
57 <para>A unit configuration file whose name ends in
58 <filename>.socket</filename> encodes information about
59 an IPC or network socket or a file system FIFO
60 controlled and supervised by systemd, for socket-based
63 <para>This man page lists the configuration options
64 specific to this unit type. See
65 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
66 for the common options of all unit configuration
67 files. The common configuration items are configured
68 in the generic [Unit] and [Install] sections. The
69 socket specific configuration options are configured
70 in the [Socket] section.</para>
72 <para>Additional options are listed in
73 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
75 <para>For each socket file a matching service file
77 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
78 for details) must exist, describing the service to
79 start on incoming traffic on the socket. Depending on
80 the setting of <option>Accept=</option> (see below)
81 this must either be named like the socket unit, but
82 with the suffix replaced; or it must be a template
83 file named the same way. Example: a socket file
84 <filename>foo.socket</filename> needs a matching
85 service <filename>foo.service</filename> if
86 <option>Accept=false</option> is set. If
87 <option>Accept=true</option> is set a service template
88 file <filename>foo@.service</filename> must exist from
89 which services are instantiated for each incoming
92 <para>Socket units may be used to implement on-demand
93 starting of services as well as parallelized starting
98 <title>Options</title>
100 <para>Socket files must include a [Socket] section,
101 which carries information about the socket or FIFO it
102 supervises. A number of options that may be used in
103 this section are shared with other unit types. These
104 options are documented in
105 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
106 options specific to the [Socket] section of socket
107 units are the following:</para>
111 <term><varname>ListenStream=</varname></term>
112 <term><varname>ListenDatagram=</varname></term>
113 <term><varname>ListenSequentialPacket=</varname></term>
114 <listitem><para>Specifies an address
115 to listen on for a stream
116 (SOCK_STREAM), datagram (SOCK_DGRAM)
117 resp. sequential packet
118 (SOCK_SEQPACKET) socket. The address
119 can be written in various formats:</para>
121 <para>If the address starts with a
122 slash (/), it is read as file system
123 socket in the AF_UNIX socket
126 <para>If the address starts with an
127 ampersand (@) it is read as abstract
128 namespace socket in the AF_UNIX
129 family. The @ is replaced with a NUL
130 character before binding. For details
132 <citerefentry><refentrytitle>unix</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
134 <para>If the address string is a
135 single number it is read as port
136 number to listen on for both IPv4 and
139 <para>If the address string is a
140 string in the format v.w.x.y:z it is
141 read as IPv4 specifier for listening
142 on an address v.w.x.y on a port
145 <para>If the address string is a
146 string in the format [x]:y it is read
147 as IPv6 address x on a port y.</para>
149 <para>Note that SOCK_SEQPACKET
150 (i.e. <varname>ListenSequentialPacket=</varname>)
151 is only available for AF_UNIX
153 (i.e. <varname>ListenStream=</varname>)
154 when used for IP sockets refers to TCP
156 (i.e. <varname>ListenDatagram=</varname>)
159 <para>These options may be specified
160 more than once in which case incoming
161 traffic on any of the sockets will trigger
162 service activation, and all listed
163 sockets will be passed to the service,
164 regardless whether there is incoming
165 traffic on them or not.</para>
167 <para>If an IP address is used here it
168 is often desirable to listen on it
169 before the interface it is configured
170 on is up and running, and even
171 regardless whether it will be up and
172 running ever at all. To deal with this it is
173 recommended to set the
174 <varname>FreeBind=</varname> option
175 described below.</para></listitem>
179 <term><varname>ListenFIFO=</varname></term>
180 <listitem><para>Specifies a file
181 system FIFO to listen on. This expects
182 an absolute file system path as
183 argument. Behaviour otherwise is very
185 <varname>ListenDatagram=</varname>
186 directive above.</para></listitem>
190 <term><varname>BindIPv6Only=</varname></term>
191 <listitem><para>Takes a one of
192 <option>default</option>,
193 <option>both</option> or
194 <option>ipv6-only</option>. Controls
195 the IPV6_V6ONLY socket option (see
196 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
198 <option>both</option>, IPv6 sockets
199 bound will be accessible via both IPv4
201 <option>ipv6-only</option>, they will
202 be accessible via IPv6 only. If
203 <option>default</option> (which is the
204 default, surprise!) the system wide
205 default setting is used, as controlled
207 <filename>/proc/sys/net/ipv6/bindv6only</filename>.</para>
212 <term><varname>Backlog=</varname></term>
213 <listitem><para>Takes an unsigned
214 integer argument. Specifies the number
215 of connections to queue that have not
216 been accepted yet. This setting
217 matters only for stream and sequential
219 <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
220 for details. Defaults to SOMAXCONN
221 (128).</para></listitem>
225 <term><varname>BindToDevice=</varname></term>
226 <listitem><para>Specifies a network
227 interface name to bind this socket
228 to. If set traffic will only be
229 accepted from the specified network
230 interfaces. This controls the
231 SO_BINDTODEVICE socket option (see
232 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
233 for details). If this option is used
234 an automatic dependency from this
235 socket unit on the network interface
237 (<citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
238 is created.</para></listitem>
242 <term><varname>DirectoryMode=</varname></term>
243 <listitem><para>If listening on a file
244 system socket of FIFO the parent
245 directories are automatically created
246 if needed. This option specifies the
247 file system access mode used when
248 creating these directories. Defaults
249 to 0755.</para></listitem>
253 <term><varname>SocketMode=</varname></term>
254 <listitem><para>If listening on a file
255 system socket of FIFO this option
256 specifies the file system access mode
257 used when creating the file
259 0666.</para></listitem>
263 <term><varname>Accept=</varname></term>
264 <listitem><para>Takes a boolean
265 argument. If true a service instance
266 is spawned for each incoming
267 connection and only the connection
268 socket is passed to it. If false all
269 listening sockets themselves are
270 passed to the started service unit,
271 and only one service unit is spawned
272 for all connections (also see
273 above). This value is ignored for
274 datagram sockets and FIFOs where
275 unconditionally a single service unit
276 handles all incoming traffic. Defaults
277 to <option>false</option>. For
278 performance reasons it is recommended
279 to write new daemons only in a way
281 <option>Accept=false</option>. This
282 option is mostly useful to allow
283 daemons designed for usage with
284 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
285 to work unmodified with system socket
286 activation.</para></listitem>
290 <term><varname>MaxConnections=</varname></term>
291 <listitem><para>The maximum number of
292 connections to simultaneously run
293 services instances for, when
294 <option>Accept=true</option> is
295 set. If more concurrent connections
296 are coming in they will be refused,
297 until at least one existing connection
298 is terminated. This setting has no
299 effect for sockets configured with
300 <option>Accept=no</option> or datagram
302 64.</para></listitem>
306 <term><varname>KeepAlive=</varname></term>
307 <listitem><para>Takes a boolean
308 argument. If true, the TCP/IP stack
309 will send a keep alive message after
310 2h (depending on the configuration of
311 <filename>/proc/sys/net/ipv4/tcp_keepalive_time</filename>)
312 for all TCP streams accepted on this
313 socket. This controls the SO_KEEPALIVE
315 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
317 url="http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/">TCP
318 Keepalive HOWTO</ulink> for details.)
320 <option>false</option>.</para></listitem>
324 <term><varname>Priority=</varname></term>
325 <listitem><para>Takes an integer
326 argument controlling the priority for
327 all traffic sent from this
328 socket. This controls the SO_PRIORITY
330 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
331 for details.).</para></listitem>
335 <term><varname>ReceiveBuffer=</varname></term>
336 <term><varname>SendBuffer=</varname></term>
337 <listitem><para>Takes an integer
338 argument controlling the receive
339 resp. send buffer sizes of this
340 socket. This controls the SO_RCVBUF
341 resp. SO_SNDBUF socket options (see
342 <citerefentry><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>
343 for details.).</para></listitem>
347 <term><varname>IPTOS=</varname></term>
348 <listitem><para>Takes an integer
349 argument controlling the IP
350 Type-Of-Service field for packets
351 generated from this socket. This
352 controls the IP_TOS socket option (see
353 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
354 for details.). Either a numeric string
355 or one of <option>low-delay</option>,
356 <option>throughput</option>,
357 <option>reliability</option> or
358 <option>low-cost</option> may be
359 specified.</para></listitem>
363 <term><varname>IPTTL=</varname></term>
364 <listitem><para>Takes an integer
365 argument controlling the IPv4
366 Time-To-Live/IPv6 Hop-Count field for
367 packets generated from this
368 socket. This sets the
369 IP_TTL/IPV6_UNICAST_HOPS socket
371 <citerefentry><refentrytitle>ip</refentrytitle><manvolnum>7</manvolnum></citerefentry>
373 <citerefentry><refentrytitle>ipv6</refentrytitle><manvolnum>7</manvolnum></citerefentry>
374 for details.)</para></listitem>
378 <term><varname>Mark=</varname></term>
379 <listitem><para>Takes an integer
380 value. Controls the firewall mark of
381 packets generated by this socket. This
382 can be used in the firewall logic to
383 filter packets from this socket. This
384 sets the SO_MARK socket option. See
385 <citerefentry><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry>
386 for details.</para></listitem>
390 <term><varname>PipeSize=</varname></term>
391 <listitem><para>Takes an integer
392 value. Controls the pipe buffer size
393 of FIFOs configured in this socket
395 <citerefentry><refentrytitle>fcntl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
396 for details.</para></listitem>
400 <term><varname>FreeBind=</varname></term>
401 <listitem><para>Takes a boolean
402 value. Controls whether the socket can
403 be bound to non-local IP
404 addresses. This is useful to configure
405 sockets listening on specific IP
406 addresses before those IP addresses
407 are successfully configured on a
408 network interface. This sets the
409 IP_FREEBIND socket option. For
410 robustness reasons it is recommended
411 to use this option whenever you bind a
412 socket to a specific IP
413 address. Defaults to <option>false</option>.</para></listitem>
417 <term><varname>ExecStartPre=</varname></term>
418 <term><varname>ExecStartPost=</varname></term>
419 <listitem><para>Takes a command line
420 that is executed before (resp. after)
421 the listening sockets/FIFOs are created and
422 bound. The first token of the command
423 line must be an absolute file name,
424 then followed by arguments for the
425 process. If specified more than once,
426 all commands are executed one after
427 the other, serially. Use of these
428 settings is optional.</para></listitem>
432 <term><varname>ExecStopPre=</varname></term>
433 <term><varname>ExecStopPost=</varname></term>
434 <listitem><para>Additional commands
435 that are executed before (resp. after)
436 the listening sockets/FIFOs are closed
437 and removed. If specified more than
438 once, all commands are executed one
439 after the other, serially. Use of
441 optional.</para></listitem>
445 <term><varname>TimeoutSec=</varname></term>
446 <listitem><para>Configures the time to
447 wait for the commands specified in
448 <varname>ExecStartPre=</varname>,
449 <varname>ExecStartPost=</varname>,
450 <varname>ExecStopPre=</varname> and
451 <varname>ExecStopPost=</varname> to
452 finish. If a comand does not exit
453 within the configured time the socket
454 will be considered failed and be shut
455 down again. All commands still running
456 will be terminated forcibly via
457 SIGTERM, and after another delay of
458 this time with SIGKILL. (See
459 <option>KillMode=</option> below.)
460 Takes a unit-less value in seconds, or
461 a time span value such as "5min
462 20s". Pass 0 to disable the timeout
464 60s.</para></listitem>
468 <term><varname>KillMode=</varname></term>
469 <listitem><para>Specifies how
470 processes of this socket unit shall be
472 <option>control-group</option>,
473 <option>process-group</option>,
474 <option>process</option>,
475 <option>none</option>.</para>
477 <para>This option is mostly equivalent
478 to the <option>KillMode=</option>
479 option of service files. See
480 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
481 for details.</para></listitem>
487 <title>See Also</title>
489 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
490 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
491 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
492 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
493 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob